Re^2: One true regexp for untainting windows filenames?


There's more than one way to do things
	PerlMonks

Re^2: One true regexp for untainting windows filenames?

by jaldhar (Vicar)

on Jan 08, 2009 at 23:42 UTC ( #735047=note: print w/ replies, xml )

Need Help??

in reply to Re: One true regexp for untainting windows filenames?
in thread One true regexp for untainting windows filenames?

Thanks for the tip. I found slightly more understandable code in File::Spec which has resulted in the following regexps: for Unix...

qr{(\A (?: .* / (?: \.\.?\z )? )? [^/]* )}msx;
[download]

...and Windows (includes UNC paths)...

qr{(\A
    (?:
        [a-zA-Z]:
        |
        (?:\\\\\\\\|//)[^\\\\/]+[\\\\/][^\\\\/]+
    )?
    (?:.*[\\/](?:\.\.?\Z(?!\n))?)?
    .*
)}msx;
[download]

--
જલધર

Comment on Re^2: One true regexp for untainting windows filenames? Select or Download Code
Re^3: One true regexp for untainting windows filenames? by ikegami (Pope) on Jan 09, 2009 at 05:33 UTC
There is no a string that `qr{(\A (?: .* / (?: \.\.?\z )? )? [^/]* )}msx` [download] won't match. It's wrong for two reasons. "foo" gets "untainted" as "". "x/xx\0xx"" is believed to be a valid file name, but it isn't. Valid unix paths and only valid unix paths match `qr{^([\0]+)\z}` [download] (Although that doesn't mean there can ever be a file referenced by that path.)	[reply] [d/l] [select]

In Section Seekers of Perl Wisdom

Node Status^?

node history
Node Type: note [id://735047]
help

Chatterbox^?

How do I use this? | Other CB clients

Other Users^?

Others exploiting the Monastery: (12)

As of 2013-06-19 11:24 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Voting Booth^?

How many continents have you visited?

Results (654 votes), past polls